CVE-2022-45151 is a stored Cross-Site Scripting (XSS) vulnerability affecting Moodle, an open-source learning management system widely used by educational institutions and organizations globally. The vulnerability arises from improper neutralization of user-supplied input in several "social" user profile fields, where insufficient sanitization allows attackers to inject arbitrary HTML and JavaScript code. When a victim views the affected profile fields, the malicious script executes in the context of the vulnerable Moodle website, potentially compromising the confidentiality and integrity of user sessions. This vulnerability requires that an attacker has at least some level of authenticated access (PR:L) and that the victim interacts with the malicious content (UI:R). The CVSS v3.1 base score is 5.4 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), privileges required (PR:L), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). The vulnerability was fixed in Moodle versions 4.0.5 and 3.11.11, indicating that earlier versions remain vulnerable. No known exploits in the wild have been reported to date. The vulnerability is categorized under CWE-79, which is a common and well-understood web application security issue related to improper input sanitization during web page generation.

For European organizations, especially educational institutions, universities, and training providers that rely on Moodle for delivering online courses and managing user profiles, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute malicious scripts in the browsers of users, leading to session hijacking, theft of sensitive information such as credentials or personal data, and potentially the spread of malware or phishing attacks within the Moodle environment. Given the collaborative nature of Moodle platforms, an attacker could leverage this vulnerability to escalate privileges or move laterally within the system. The impact on confidentiality and integrity is moderate but could be amplified in environments where sensitive educational records or personal data are stored. Additionally, the scope change (S:C) means that exploitation could affect resources beyond the initially vulnerable component, increasing the risk of broader compromise. Although no availability impact is noted, the reputational damage and potential regulatory consequences under GDPR for data breaches could be substantial for European entities.

1. Immediate upgrade to Moodle versions 4.0.5 or 3.11.11 or later to ensure the vulnerability is patched. 2. Conduct a thorough audit of all user profile fields, especially custom or social fields, to verify proper input sanitization and encoding practices are enforced. 3. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the Moodle web application context. 4. Enforce strict user input validation and output encoding on all user-supplied data displayed in the web interface, using secure coding libraries or frameworks. 5. Limit privileges for users who can edit profile fields to reduce the risk of malicious input injection. 6. Monitor Moodle logs and user activities for unusual behavior indicative of attempted XSS exploitation. 7. Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content within Moodle. 8. If upgrading immediately is not feasible, consider temporary mitigations such as disabling or restricting the use of vulnerable profile fields or applying web application firewall (WAF) rules to detect and block XSS payloads targeting Moodle.